Proceedings of the IEEE International Workshop on Information Forensics and Security

Publisher: IEEE

Pages: 91 - 96

Peer reviewed: Yes

On invitation: No

Audience: International

ISBN: 978-1-4673-2285-0

Event name: WIFS’12

Event date: 2-5 December

Event organizer: University of Vigo, Spain

Event place (city): Tenerife

Event country: Spain

Abstract:

In network-level forensics, Domain Name Service (DNS) is a rich source of information. This paper describes a new approach to mine DNS data for forensic purposes. We propose a new technique that leverages semantic and natural language processing tools in order to analyze large volumes of DNS data. The main research novelty consists in detecting malicious and dangerous domain names by evaluating the semantic similarity with already known names. This process can provide valuable information for reconstructing network and user activities. We show the efficiency of the method on experimental real datasets gathered from a national passive DNS system.